Bing
CVE-2025-21355
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network
AnalysisAI
Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified as Missing Authentication for Critical Function (CWE-306), which allows attackers to access critical functionality without authentication. Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network Affected products include: Microsoft Bing.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Require authentication for all sensitive operations, implement defense in depth.
The Microsoft Bing application before 4.2.1 for Android allows remote attackers to install arbitrary APK files via vecto
A spoofing vulnerability exists when Microsoft Bing Search for Android improperly handles specific HTML content, aka 'Mi
Microsoft Bing Search Spoofing Vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitab
UI misrepresentation of critical information in Microsoft Bing Search for Android (versions below 33.3) enables unauthen
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today